General

  • Target

    flbfu6.msi

  • Size

    504KB

  • Sample

    230530-3c3c3acd6s

  • MD5

    101aefb58c77d2fe5b6a7bc1e13ac9d3

  • SHA1

    13cbe917288c2f42925b1773838ce2df0a142385

  • SHA256

    a5dd3acf7e57cc25ab353d80584c4cf8e148b3504f498e243c4be48f9fc1f064

  • SHA512

    f745fe34b525ffbd04768bde8c22a0180435b0a406c8eb9196a8bd39029f46df2a1d356797d77490236bd07086853a254bc156982c8da349486b5591d660d9f5

  • SSDEEP

    6144:nESkw7402pCiyBH6DlIxtWb9jOyHLmsjzcGet8Rghs0O892YptgrGzjkacDO+cDb:zkdiMHHLmKzQ8tfacDO+wVydjv3k

Malware Config

Extracted

  • Family

    qakbot

  • Version

    404.1320

  • Botnet

    BB30

  • Campaign

    1685433861

  • C2

Targets

    • Qakbot/Qbot

      Qbot or Qakbot is a sophisticated worm with banking capabilities.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks